CVE-2021-2340 in MySQL Server

Summary

by MITRE • 07/21/2021

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Analysis

by VulDB Data Team • 08/12/2025

The vulnerability identified as CVE-2021-2340 resides within the MySQL Server memcached component, representing a significant security weakness that affects MySQL versions 8.0.25 and earlier. This flaw operates within the server infrastructure where memcached integration is enabled, creating an attack surface that can be exploited by adversaries with elevated privileges and network connectivity. The vulnerability's classification as easily exploitable indicates that attackers with minimal technical sophistication can leverage this weakness to compromise system integrity. The attack vector requires network access through multiple protocols, suggesting that the vulnerability can be triggered from various connection methods that MySQL supports, making it particularly concerning for environments where multiple network interfaces or protocols are utilized.

The technical nature of this vulnerability stems from insufficient access controls within the memcached integration module of MySQL Server. When memcached functionality is enabled, the system fails to properly validate or restrict access permissions for certain operations, creating an opportunity for privilege escalation attacks. The flaw specifically impacts the availability aspect of the system, allowing attackers to execute partial denial of service conditions that can disrupt normal database operations. This partial DOS capability means that while the entire system may not crash completely, critical database services can be degraded or rendered partially inaccessible to legitimate users. The CVSS base score of 2.7 reflects the relatively low severity impact compared to other vulnerabilities, yet the combination of high privilege requirements and network accessibility creates a dangerous operational risk.

From an operational standpoint, this vulnerability poses substantial risks to database environments that utilize memcached integration within their MySQL deployments. Organizations with MySQL servers running versions 8.0.25 or earlier that have memcached functionality enabled are particularly vulnerable to attacks that could disrupt database availability. The partial denial of service impact can severely affect business operations, especially in environments where database availability is critical for application functionality. The requirement for high privileged access means that this vulnerability is more likely to be exploited by insiders or attackers who have already compromised other system components, making it a potential stepping stone for more extensive attacks. The availability impact level of CVSS 3.1 indicates that while the attack may not completely destroy the system, it can significantly impair service delivery and operational efficiency.

Organizations should prioritize remediation by upgrading to a MySQL Server release that addresses this memcached integration vulnerability; Oracle has likely released patches for the access control issues within the memcached component. In addition, network segmentation and access control measures reduce the attack surface by limiting network access to MySQL servers and confining memcached functionality to trusted network segments. Security teams should also consider disabling memcached integration if it is not essential for operations, since that removes the vulnerable component altogether. Monitoring memcached connections for suspicious network activity and deploying intrusion detection systems can help identify exploitation attempts. The vulnerability aligns with CWE-284 Access Control Issues, specifically insufficient access control within database server components, and represents a potential tactic under the ATT&CK framework related to privilege escalation and denial of service operations.
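As an added example (not VulDB's or Oracle's code), the following Python triage helper applies the scoping rules from this entry to data a defender already collects from each server: the result of `SELECT VERSION()` and the rows of `SHOW PLUGINS`. It decides whether the version falls in the advisory's range ("8.0.25 and prior"), whether the InnoDB memcached plugin is loaded, and which of the mitigations above applies. The plugin name `daemon_memcached` and port 11211 are MySQL's documented defaults for that plugin, not values taken from this page; the sample server inventory is constructed.

```python
"""Triage helper for CVE-2021-2340 (MySQL Server, Memcached component).

Added example, not VulDB or Oracle code.  Inputs are the version string
from `SELECT VERSION()` and the tuples returned by `SHOW PLUGINS`
(Name, Status, Type, Library, License).  The sample data below is constructed.
"""
import re

# Last affected release named in the advisory ("8.0.25 and prior").
LAST_AFFECTED = (8, 0, 25)

# MySQL's InnoDB memcached plugin (assumption: documented default name);
# it listens on memcached's default TCP port 11211 unless reconfigured.
MEMCACHED_PLUGIN = "daemon_memcached"
MEMCACHED_PORT = 11211


def parse_version(version_string):
    """Turn '8.0.25-debug' or '8.0.26' into a (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string.strip())
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def version_in_scope(version_string):
    """True when the version is 8.0.25 or lower, read literally from the advisory text.
    Any lower release compares as 'prior'; check Oracle's advisory for other release lines."""
    return parse_version(version_string) <= LAST_AFFECTED


def memcached_plugin_status(show_plugins_rows):
    """Return the plugin's Status column ('ACTIVE', 'DISABLED', ...) or None if not installed."""
    for row in show_plugins_rows:
        if row[0].lower() == MEMCACHED_PLUGIN:
            return row[1].upper()
    return None


def triage(version_string, show_plugins_rows):
    """Return (in_scope, recommendation) for one server, following the mitigations in the analysis."""
    if not version_in_scope(version_string):
        return False, "version outside the advisory range; no action for this CVE"
    status = memcached_plugin_status(show_plugins_rows)
    if status == "ACTIVE":
        return True, (
            "affected version with memcached plugin active: upgrade past 8.0.25; "
            f"if the plugin is not needed, run UNINSTALL PLUGIN {MEMCACHED_PLUGIN}; "
            f"until then restrict TCP/{MEMCACHED_PORT} to trusted network segments"
        )
    if status is not None:
        return True, f"affected version, plugin installed but status {status}: upgrade; plugin is not serving"
    return True, "affected version; memcached plugin not installed, vulnerable component not loaded; still upgrade"


# Constructed SHOW PLUGINS excerpts for three sample hosts.
SAMPLE_PLUGINS_ACTIVE = [
    ("InnoDB", "ACTIVE", "STORAGE ENGINE", None, "GPL"),
    ("daemon_memcached", "ACTIVE", "DAEMON", "libmemcached.so", "GPL"),
]
SAMPLE_PLUGINS_NONE = [
    ("InnoDB", "ACTIVE", "STORAGE ENGINE", None, "GPL"),
]
SAMPLE_FLEET = {
    "db-cache-01": ("8.0.24", SAMPLE_PLUGINS_ACTIVE),
    "db-app-02": ("8.0.25-debug", SAMPLE_PLUGINS_NONE),
    "db-app-03": ("8.0.26", SAMPLE_PLUGINS_ACTIVE),
}


def triage_fleet(fleet):
    """Run triage over a {host: (version, plugins)} map and return {host: (in_scope, recommendation)}."""
    return {host: triage(version, plugins) for host, (version, plugins) in fleet.items()}


if __name__ == "__main__":
    for host, (in_scope, advice) in triage_fleet(SAMPLE_FLEET).items():
        print(f"{host}: {'IN SCOPE' if in_scope else 'not in scope'} - {advice}")
```

The helper deliberately separates the two questions the advisory raises, version range and whether the Memcached component is loaded, so a server on an affected release without the plugin is reported as needing an upgrade but not as currently exposed through this component.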

Responsible

Oracle

Reservation

12/09/2020

Disclosure

07/21/2021

Moderation

accepted

CPE

ready

EPSS

0.02312

KEV

no

Activities

very low

Sources
